JPH0451864B2 - - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION Field of the Invention The present invention relates to a method for verifying hardware or components of a communication system. More particularly, the present invention relates to improvements useful in encrypted communication systems between spatially separated components or terminal devices.

[Prior Art and Problems to be Solved by the Invention] End-to-end communications are increasing in volume and importance. This communication may occur for a variety of purposes, such as electronic transfers of funds, transfers of credits in commercial transactions, and the like. One component that is becoming increasingly used and important in such systems is the "memory" or "smart" card. These cards have memory, processing units, and input/output devices mounted on a portable unit that is approximately the same size as a credit card. . Examples of such systems using so-called "memory" or "smart" cards are shown in US Pat. Nos. 3,702,464, 4,007,355 and 4,211,919.

Communication between end-to-end systems is often conducted without the supervision of system operators. This communication is carried out because at least a portion of the communication is carried out using a communication facility (e.g. telephone line, relay radio waves or satellite).
communication is carried out in remote locations, or labor-saving measures are used (e.g., bank terminals in bank lobbies that take over the labor of tellers). It's for a reason.

Various systems have been proposed to ensure the security of communications. Some have challenge password structures, some of which use random numbers as a challenge. These security systems typically leak useful or secret information to a terminal before the terminal is identified as a friendly terminal rather than a hostile terminal (eg, a fake). Once this information is in circulation, an unauthorized terminal, perhaps operated in unauthorized hands or in an unauthorized manner, can gain access to the system (e.g. withdraw cash from someone else's account). It is undesirable to provide such information before the (security) identity has been verified, as this may result in Examples of such security systems are U.S. Pat.
No. 4203166, No. 4218738, No. 4227253,
No. 4238853, No. 4238854, No. 4259720, No.
No. 4288659, No. 4295039, No. 4393269, No.
No. 4423289, No. 4453074, and No. 4471216.

SUMMARY OF THE INVENTION The present invention overcomes the limitations and shortcomings of prior art systems by providing a system that reliably identifies or verifies components of a communication system prior to transmitting useful information. It is something to be overcome. in this way,
Before any information is passed that may help gain unauthorized recognition and access to the system (perhaps when combined with information obtained in other failed intrusion attempts), the "fake" ( (unauthorized) terminals are identified and communication is stopped.

The present invention is a communication challenge in which a random number encrypted based on the key of a first terminal is passed to a second terminal. The second terminal then decrypts the encrypted number using the key and generates a random number if the keys are the same. The second terminal then encrypts the key using the derived form of the random number and
Generate a response to the terminal. The first terminal then uses the random number as a key to determine whether the response is an encrypted version of that key. If the response is a cipher for that key, the second terminal has been verified. If not, the terminal is identified as a stranger or imposter and communication is stopped.

EXAMPLE FIG. 1 illustrates an environment in which the present invention is particularly advantageous. The card 10 is detachably coupled to the terminal 10. The card 10 includes an input/output element 12 connected to a processing unit 14 that accesses a memory 16.
It is equipped with The terminal 20 comprises an input/output element 22 connected to a processing device 24, which in turn is connected to a storage device 26. Additionally, processing unit 24 may be connected to external devices such as a remote host system (not shown) via keyboard 27, display 28, and lines 29. Card 10 is preferably a so-called "smart" card of the type known in the art, discussed earlier herein, although other types of terminal-to-terminal security and verification are also important.

Before information is exchanged between card 10 and terminal 20, each must identify the other. During a preliminary action called a "handshake" routine, each device verifies the identity of the other. FIG. 2 shows a method for identifying one device with respect to another. in this case,
Card 10 is challenging terminal 20.

As shown in Figure 2, each unit (card 10
and terminal 20) are the stored private keys, i.e. K2 shown in block 30 in card 10, terminal 20).
It has K1 shown in block 31. If both the card and the terminal are genuine, the key K1 and
K2 will be the same.

A random number RN is generated in block 32 so that the card 10 can be challenged. It is of course necessary to use a new random number for each challenge to avoid wiretapping and compromising security. The random number RN is encrypted in block 33 using key K1, and the value is stored using a secure, irreversible type of encryption method, such as the Data Encryption Standard (DES), which has been adopted by various standards organizations and the U.S. government. X is generated. This value X is then sent over line 34 to card 10 using any communication technique agreed upon between the units. In block ³⁵ the value Naturally, if K1 and K2 are equal, this value Y is equal to a random number. Next, in block 36, the card uses the derived value Y as a key to enter its secret key
Encrypt K2 and form the value Z. The value Z is then sent back to the terminal 20 on line 37. Block 3
At 8, the value Z is decrypted by the terminal 20 using the random number RN, and the value A is derived. block 39
, it is tested whether A is equal to the terminal key K1. If value A is equal to key K1, the card is identified by line 40. If A is not equal to K1, the card will not be recognized on line 41 (because keys K1 and K2 would have been different).

Another embodiment for checking whether the key is correct is shown in dotted lines in FIG. At block 38A, terminal 20 calculates the value B. The value B is the key K1 encrypted using the random number RN as the key. this is,
This is the process that takes place while the card being challenged is being processed. calculated value B
But on line 37A at block 39A, block 3
It is compared with the value Z from 6. If the values Z and B are equal (indicating that keys K1 and K2 are equal), the card (or the other terminal) is identified via line 40A. If Z is not equal to B, the keys K1 and
K2 should be different and the card should be line 41
Not identified by A.

After one unit is recognized by the other, the second unit is challenged (recognized) by the first unit to complete the identification process. In this case, card 10 is connected to terminal 20.
The card 10 then issues a challenge to the terminal 20 to identify the terminal 20. A second random number is generated on the card, which is encrypted using the key K2 and sent to the terminal 20. Terminal 20
Then, it is decrypted using key K1 to form a new value. This new value is used as a key to encrypt key K1, which is sent back to the card.
If the decrypted version of the returned value is equal to the original key, terminal 20 is identified and communication can begin. The random number RN can be advantageously used in later processing, for example as a session key.

Naturally, if one party cannot be identified, the transmission process is halted to avoid compromising security by disclosing information to an impostor. Merely because one identifies the other, the card 10 or the terminal 20 may be fake, and a fake terminal or a fake card would jeopardize the security of the entire system.
Insufficient to initiate communication.

The discussion of recognition carried out between devices is a confirmation of the hardware involved in the communication, not the identity of individual users. It is also desirable in many applications to uniquely identify users by well-known techniques such as personal identification numbers or other personal identification methods.
One of the many methods proposed in the prior art, such as fingerprint identification, signature identification, etc., can be implemented as a personal identification method.

Many changes can be made to the system described in the above discussion without departing from the spirit of the invention. Additionally, some features of the invention include:
It can be used alone without any other features corresponding to it. Although the present invention has been described with reference to an embodiment of confirmation between a terminal and a card, it can be similarly applied to other types of communication such as between two terminals or between a terminal and a host system. Accordingly, the description of the best mode of carrying out the invention is intended to be illustrative rather than limiting on the principles of the invention.

[Effects of the Invention] The present invention has the advantageous effect of refusing to provide useful information until the terminal is verified. This effect allows a coordinated attack to obtain sufficient information about challenges and unacceptable responses to generate more probable responses and ultimately gain unauthorized access to the system. is prevented.

The invention further has the advantage that the random numbers generated and used in the challenge are fully preserved and can be used later for end-to-end communication. Using random numbers as session keys can improve the quality of security over current end-to-end secure communication systems.

[Brief explanation of drawings]

FIG. 1 is a block diagram illustrating hardware related to the secure component verification system of the present invention. FIG. 2 is a block diagram of the process associated with the preferred embodiment of the present invention in which components are identified without passing any useful information. 10...Card, 20...Terminal, 30...Private key (K2), 31...Private key (K1), 32...
Random number (RN).

Claims (1)

[Scope of Claims] 1. A method for the first terminal to verify the second terminal, in which the first and second terminals each have an encryption key, and the second terminal is verified when both encryption keys are equal. generating a first number at the first terminal;
generating a second number by encrypting a first number using an encryption key of a terminal; sending the second number to the second terminal; using the encryption key of the second terminal; generating a third number at the second terminal by decrypting the second number; encrypting the encryption key of the second terminal using the third number as a key; generating a fourth number at two terminals; sending the fourth number to the first terminal; using the first number as a key at the first terminal; A terminal confirmation method comprising: confirming that the encryption key of the first terminal is the same as the encrypted one, and thereby confirming the second terminal.